For many IT organizations, firefighting is a way of life to ensure service availability. This is because availability is constantly threatened by changes to the infrastructure that don't conform to IT service management processes and policies.

Change control software links IT service management systems and processes with the infrastructure by providing real-time change tracking, validation of change activity against change tickets, and automated enforcement of change policies. By using change control technology to close the change gap, organizations can increase the availability of IT services, enable the successful implementation of Information Technology Infrastructure Library (ITIL) projects and reduce the cost of compliance initiatives with regulations such as the Sarbanes-Oxley Act.

The people problem

Research has shown that as much as 80% of system unavailability is caused by incorrectly applied change. This includes changes made at unauthorized times or without approved change tickets, and can also include approved changes that are not properly executed.

Current change management processes designed to manage service availability rely heavily on people carefully following policy using manual methods, and are carried out with a limited understanding of the nature of change within the infrastructure. These processes cannot ensure that changes are applied correctly, as they would be if collection of data from the infrastructure and the application of control to the infrastructure were sufficiently automated. Changes often are applied incorrectly, resulting in costly service outages.

Change control delivers, integrates and automates the following capabilities:

IT organizations have typically used scan-based technology to troubleshoot service availability problems, running periodic system scans to analyze differences that might have caused an outage. Performance and operational overhead limit the frequency of scanning, resulting in an out-of-date view of the infrastructure.

Today, change control technology provides complete, up-to-the-moment information about changes to the infrastructure. As users implement changes to the infrastructure, change control software collects information in real time about what changes are being made, when changes are made, how they are made and by whom. This information is then sent to a central repository where an administrator can securely access the information to determine actual change behavior and quickly search for forensic information to resolve service interruptions.

Once changes are tracked and understood, change control software categorizes the information to determine how actual changes deviate from the expected process. The completeness of the change data collected, combined with the fact that it is collected continuously and not in snapshots, enables highly accurate reconciliation with the change process.

The software automatically correlates actual changes with an existing change-ticketing system and automatically populates change tickets with actual change details when necessary. In the case where no documentation or change ticket exists, such as in emergency change activity, change control can close the documentation loop by creating the appropriate change ticket for post-facto review and approval.

Once an organization establishes an approved change process, change control software provides the mechanisms required to enforce the policy. Change control software automatically ensures changes made to the infrastructure are in-line with the change policy and provides selective enforcement of policies based on criteria such as the source of change, the authorized time window for making the change and whether an approved change ticket is associated with the change. Change control can automatically allow programs that are authorized updaters to make changes without restriction, minimizing disruption to operational process.

If a user or program attempts to execute a change outside of an authorized update window, or if an unauthorized program tries to make a change, the changes are stopped before they occur. The software can also require that an approved change ticket ID be input and validated before enabling an update.

Managed service providers who require "five nines" availability use change control to reduce outages and shorten resolution time, while retailers are improving the auditability and availability of their payment infrastructures. Manufacturers also realize enormous cost savings by ensuring changes can only occur during scheduled maintenance windows.

Vaishnav is a vice president of product development for Solidcore Systems. He can be reached at jay@solidcore.com

How it works: Change control software

Change control software is installed on servers to link the IT infrastructure with change processes.

•

Changes are tracked and validated in real time, and change policies are automatically enforced upon deployment.

•

All changes are documented even if they come from outside of the change management process.